Announcement (2017-05-07): www.ruby-forum.com is now read-only since I
unfortunately do not have the time to support and maintain the forum any
more. Please see rubyonrails.org/community and ruby-lang.org/en/community
for other Rails- und Ruby-related community platforms.

I'm building a small Sinatra server which has one GET route called
`/execute`. It accepts a `code` parameter and runs the Ruby code from
that parameter using the `sandboxed` gem, returning a result in JSON.
# /app.rb
class MistressBase < Sinatra::Base
get '/execute' do
content_type :json
Oj.dump( {
'result' => safe { eval(URI.unescape(params[:code])) }
} )
end
end
# /config.ru
require 'sinatra/base'
require 'sandboxed'
require 'uri'
require 'oj'
require './app'
run MistressBase
When I run `shotgun config.ru` everything's fine. If I go to and pass
something simple like `http://localhost:9393/execute?code=70-1` I get
the expected JSON response of `{"result":69}`. However if I pass a
file-like string like
`require%20'benchmark'%0A%0ABenchmark.measure%20%7B%20'a'%20*%201_000_000%20%7D%0A%0A`
which is basically, this but `URI.escape`ed:
require 'benchmark'
Benchmark.measure { 'a' * 1_000_000 }
I get a `ThreadError at /execute` with the description of `current
thread not owner`. I have attached the backtrace.
Also, setting `code` the parameter to `/execute` to something like `1 -
1` (encoded) gives me the same error while `1-1` doesn't. What am I
missing? Why am I getting this error?

On Sat, Nov 16, 2013 at 7:47 PM, Rafal C. <lists@ruby-forum.com> wrote:
> I get a `ThreadError at /execute` with the description of `current> thread not owner`. I have attached the backtrace.>> Also, setting `code` the parameter to `/execute` to something like `1 -> 1` (encoded) gives me the same error while `1-1` doesn't. What am I> missing? Why am I getting this error?
Just guessing: method safe will probably start a new thread so it can
adjust $SAFE. The code in the block passed to safe probably somewhere
tries to access a critical section which the outer code has locked
already.
Kind regards
robert

Robert Klemme wrote in post #1127735:
> Just guessing: method safe will probably start a new thread so it can> adjust $SAFE. The code in the block passed to safe probably somewhere> tries to access a critical section which the outer code has locked> already.
Any way to avoid that and be able to run code safely in my setup and
scenario?